Thursday, 29 September 2016
- Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.)
- Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.)
- Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.)
- Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.)
Wednesday, 28 September 2016
- Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.)
- Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.)
- `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.)
- Re: Restrict loopback address to Secure Contexts?
Tuesday, 27 September 2016
- RE: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- RE: Restrict loopback address to Secure Contexts?
- Re: CSP tools and documentation
- Re: CSP tools and documentation
- [Css-images] Re: CSS fetch integration
- Re: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- RE: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- RE: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- RE: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- CSS fetch integration
Monday, 26 September 2016
- CSP tools and documentation
- RE: Restrict loopback address to Secure Contexts?
- Re: Restrict loopback address to Secure Contexts?
- RE: Restrict loopback address to Secure Contexts?
- Re: HSTS Priming
- Re: Restrict loopback address to Secure Contexts?
- Restrict loopback address to Secure Contexts?
Thursday, 22 September 2016
Wednesday, 21 September 2016
Friday, 23 September 2016
Thursday, 22 September 2016
Wednesday, 21 September 2016
- Re: WebAppSec and Auto WG discussion during TPAC
- Re: Isolate-Me explainer
- Re: WebAppSec and Auto WG discussion during TPAC
- Re: Isolate-Me explainer
- Re: WebAppSec and Auto WG discussion during TPAC
- remote participation for TPAC
- Re: Isolate-Me explainer
- RE: Isolate-Me explainer
- Re: Isolate-Me explainer
- Re: Isolate-Me explainer
Tuesday, 20 September 2016
- Re: Workshop on Web Application Security 2016 Stanford University, Sep. 9, 2016
- Call availability during TPAC?
- Re: Call on 9/21
- Re: Isolate-Me explainer
- Re: Isolate-Me explainer
- RE: Isolate-Me explainer
- Re: Isolate-Me explainer
Monday, 19 September 2016
- Re: Call on 9/21
- Re: Isolate-Me explainer
- Re: Isolate-Me explainer
- Call on 9/21
- Re: Isolate-Me explainer
- Re: Isolate-Me explainer
- Re: Isolate-Me explainer
- RE: Isolate-Me explainer
- Re: [blink-dev] Must have SSL or dedicated IP address?
Saturday, 17 September 2016
Friday, 16 September 2016
Thursday, 15 September 2016
Friday, 16 September 2016
Wednesday, 14 September 2016
- WebAppSec and Auto WG discussion during TPAC
- Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP)
Tuesday, 13 September 2016
- [webappsec] WG Note: CORS for developers
- Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP)
Monday, 12 September 2016
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads?
- Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads?
- Re: CSP: Embedded Enforcement
- Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads?
Friday, 9 September 2016
- Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads?
- Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads?
- Re: CSP: Embedded Enforcement
- Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP)
- Re: [SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction
- Re: [SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction
- [SRI] reporting (Was: [SRI] require-sri-for syntax and additional SRI/CSP interaction
- CSP: Embedded Enforcement
- Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads?
- Re: [SRI] require-sri-for syntax and additional SRI/CSP interaction
- Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP)
- Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP)
- [SRI] require-sri-for syntax and additional SRI/CSP interaction
- [SRI] require-sri-for: missing integrity metadata? same-origin loads?
- Re: Quoted Referrer-Policy values
Thursday, 8 September 2016
- Workshop on Web Application Security 2016 Stanford University, Sep. 9, 2016
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP)
- 'strict-dynamic' syntax (was Re: On the Insecurity of Whitelists and the Future of CSP)
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: On the Insecurity of Whitelists and the Future of CSP
Wednesday, 7 September 2016
- Re: On the Insecurity of Whitelists and the Future of CSP
- Re: Quoted Referrer-Policy values
- On the Insecurity of Whitelists and the Future of CSP
- Re: Quoted Referrer-Policy values
- Re: Quoted Referrer-Policy values
- Re: [webappsec] draft agenda for tomorrow's teleconference
- Re: Quoted Referrer-Policy values
- CORS-safelisted request headers should be restricted according to RFC 7231